CVE-2005-3627 (retired)

Priority
Description
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml,
poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify
memory and possibly execute arbitrary code via a DCTDecode stream with (1)
a large "number of components" value that is not checked by
DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large
"Huffman table index" value that is not checked by
DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps
value by DCTStream::readScanInfo.
Package
Upstream:needs-triage
Package
Source: gpdf (LP Ubuntu Debian)
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-03-26 11:35:59 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)